franceconnect: ensure id and secret input are 64-character long (#54852)
parent
afb89ff9a8
commit
77e9e2c539
|
@ -15,6 +15,7 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django import forms
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
|
||||
|
@ -56,6 +57,39 @@ class SettingsForm(forms.Form):
|
|||
help_text=_('These scopes will be requested in addition to openid'),
|
||||
)
|
||||
|
||||
def clean(self):
|
||||
cleaned_data = super().clean()
|
||||
cleaned_data['client_id'] = cleaned_data['client_id'].strip()
|
||||
cleaned_data['client_secret'] = cleaned_data['client_secret'].strip()
|
||||
errors = []
|
||||
|
||||
if len(cleaned_data['client_id']) != 64:
|
||||
errors.append(
|
||||
ValidationError(
|
||||
_('Client identifier must be a 64-character-long string.'), code='client_id_64'
|
||||
)
|
||||
)
|
||||
if len(cleaned_data['client_secret']) != 64:
|
||||
errors.append(
|
||||
ValidationError(
|
||||
_('Client secret must be a 64-character-long string.'), code='client_secret_64'
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
int(cleaned_data['client_id'], 16)
|
||||
except ValueError:
|
||||
errors.append(ValidationError(_('Client identifier must be hexadecimal.'), code='client_id_hexa'))
|
||||
try:
|
||||
int(cleaned_data['client_secret'], 16)
|
||||
except ValueError:
|
||||
errors.append(ValidationError(_('Client secret must be hexadecimal.'), code='client_secret_hexa'))
|
||||
|
||||
if errors:
|
||||
raise ValidationError(errors)
|
||||
|
||||
return cleaned_data
|
||||
|
||||
|
||||
class EnableForm(forms.Form):
|
||||
pass
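Review bot: The hexadecimal check in `clean()` relies on `int(value, 16)`, which accepts more than hex digits: a leading sign, a `0x` prefix and (on Python 3.6+) underscore separators all parse, so a 64-character value made of `0x` followed by 62 hex digits passes both the length and the hex test. Checking the alphabet directly keeps the existing error messages, e.g. `if not re.fullmatch(r'[0-9a-fA-F]+', cleaned_data['client_id']):` for each field (needs `import re`). Separately, `cleaned_data['client_id'].strip()` would raise `KeyError` whenever field-level validation has already rejected the field, because Django drops failed fields from `cleaned_data` before `clean()` runs. The field definitions are outside this hunk, so this should be confirmed, but reading the values with `cleaned_data.get('client_id')` and returning early when one is missing would avoid a server error on an empty submission.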
|
||||
|
|
|
@ -41,9 +41,30 @@ def test_franceconnect(app, admin_user):
|
|||
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 1
|
||||
assert Variable.objects.filter(name__startswith='SETTING_A2_FC_ENABLE', value='true').count() == 1
|
||||
|
||||
# id and secret too short
|
||||
response.form.set('platform', 'prod')
|
||||
response.form.set('client_id', 'xyz')
|
||||
response.form.set('client_secret', '1234')
|
||||
response = response.form.submit()
|
||||
assert "Client identifier must be a 64-character-long string." in response.text
|
||||
assert "Client secret must be a 64-character-long string." in response.text
|
||||
|
||||
# id and secret too long
|
||||
response.form.set('client_id', 'wxyz' * 30)
|
||||
response.form.set('client_secret', '1234' * 30)
|
||||
response = response.form.submit()
|
||||
assert "Client identifier must be a 64-character-long string." in response.text
|
||||
assert "Client secret must be a 64-character-long string." in response.text
|
||||
|
||||
# id and secret not hexadecimal
|
||||
response.form.set('client_id', 'wxyz' * 16)
|
||||
response.form.set('client_secret', '123z' * 16)
|
||||
response = response.form.submit()
|
||||
assert "Client identifier must be hexadecimal." in response.text
|
||||
assert "Client secret must be hexadecimal." in response.text
|
||||
|
||||
response.form.set('client_id', '01ab' * 16)
|
||||
response.form.set('client_secret', '23cd' * 16)
|
||||
response = response.form.submit().follow()
|
||||
|
||||
assert Variable.objects.filter(name__startswith='SETTING_A2_FC').count() == 10
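Review bot: The added cases leave two behaviours of the new `clean()` untested: the `.strip()` of both values, and a submission where `client_id` or `client_secret` is left blank. A case that posts a valid value with surrounding whitespace, e.g. `response.form.set('client_id', ' ' + '01ab' * 16 + ' ')`, and then checks the stored value is trimmed would pin the first. The non-hexadecimal case also only uses letters that `int(..., 16)` rejects; a 64-character value beginning with `0x` or `-` would show whether the validator really restricts input to hex digits. `test_franceconnect` starts outside the hunk, so the form setup is assumed from context.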
|
||||
|
|